Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sign: IsImageSigned() #39

Merged
merged 4 commits into from
Feb 14, 2022
Merged

sign: IsImageSigned() #39

merged 4 commits into from
Feb 14, 2022

Conversation

puerco
Copy link
Member

@puerco puerco commented Feb 14, 2022
edited
Loading

Thit PR introduces a new method to the signer object IsImageSigned() which returns a bool indicating if an image reference has signatures attached to it.

This is needed because we need to know if images are signed before triggering image verification on a reference.

Needed for verifying images in the container image promoter: kubernetes-sigs/promo-tools#498

Related to
kubernetes/release#2383
kubernetes/release#2227

/cc @saschagrunert @cpanato @xmudrii @PushkarJ @palnabarun

New signer method `IsImageSigned()` allows tp check if an image reference has one or more digital signatures attached.

@puerco
sign: Add IsImageSigned Method
0db298f 
This commit adds a function to check if an image reference
is signed. As some of the image verification methods are still
hidden behind the cosign API, we need to check for image signatures
to decide if verification is needed or not.

Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
@puerco
IsImageSigned unit test
d59779b 
Add iunit test for IsImageSigned() method, checks to ensure if
image is signed, not signed and error.

Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
@puerco
Regenerate signer implementation fakes
6632d25 
Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
@puerco
signer: IsImageSigned int tests
05e4c65 
Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. sig/release Categorizes an issue or PR as relevant to SIG Release. approved Indicates a PR has been approved by an approver from all required OWNERS files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Feb 14, 2022
This was referenced Feb 14, 2022
Closed
Merged
cpanato
cpanato approved these changes Feb 14, 2022
View reviewed changes
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cpanato, puerco

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 14, 2022
@k8s-ci-robot k8s-ci-robot merged commit 52b604e into kubernetes-sigs:main Feb 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpanato cpanato cpanato approved these changes

@palnabarun palnabarun Awaiting requested review from palnabarun

@PushkarJ PushkarJ Awaiting requested review from PushkarJ

@saschagrunert saschagrunert Awaiting requested review from saschagrunert

@xmudrii xmudrii Awaiting requested review from xmudrii

Assignees

@cpanato cpanato

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/release Categorizes an issue or PR as relevant to SIG Release. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@puerco @k8s-ci-robot @cpanato